CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD

| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-26330 AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-26331 AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. | 7.8 | HIGH | — | 0 |
| CVE-2021-26335 Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting... | 7.8 | HIGH | — | 0 |
| CVE-2021-26336 Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other c... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-24598 The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capab... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-26337 Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-42726 Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the co... | 7.8 | HIGH | — | 0 |
| CVE-2021-43013 Adobe Media Encoder version 15.4.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in... | 7.8 | HIGH | — | 0 |
| CVE-2021-42721 Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the ... | 7.8 | HIGH | — | 0 |
| CVE-2021-42723 Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure... | 7.8 | HIGH | — | 0 |
| CVE-2021-42725 Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the co... | 7.8 | HIGH | — | 0 |
| CVE-2021-42731 Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achie... | 7.8 | HIGH | — | 0 |
| CVE-2021-43011 Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the con... | 7.8 | HIGH | — | 0 |
| CVE-2021-43012 Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the con... | 7.8 | HIGH | — | 0 |
| CVE-2021-3939 Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change... | 7.8 | HIGH | — | 0 |
| CVE-2021-43337 SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0063 Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent ac... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-24772 The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection ... | 8.8 | HIGH | — | 0 |
| CVE-2021-24776 The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-24787 The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-24796 The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthentic... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-24802 The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack | 6.5 | MEDIUM | — | 0 |
| CVE-2021-24804 The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin change them. Settings such as HMAC verification se... | 8.8 | HIGH | — | 0 |
| CVE-2021-24815 The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow high privilege users to perform Cross-Site Scripting a... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-0064 Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege... | 7.8 | HIGH | — | 0 |
| CVE-2021-24833 The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to ... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24834 The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allo... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24841 The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_ht... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-24847 The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset param... | 8.8 | HIGH | — | 0 |
| CVE-2021-24850 The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site ... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24851 The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie privat... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-24853 The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated use... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-24854 The QR Redirector WordPress plugin before 1.6.1 does not sanitise and escape some of the QR Redirect fields, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripti... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-24856 The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even whe... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-32600 An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user ass... | 5.0 | MEDIUM | — | 0 |
| CVE-2021-41931 The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42956 Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches a... | 7.8 | HIGH | — | 0 |
| CVE-2021-42954 Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full... | 7.8 | HIGH | — | 0 |
| CVE-2021-42955 Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-... | 7.3 | HIGH | — | 0 |
| CVE-2021-29860 IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084. | 6.2 | MEDIUM | — | 0 |
| CVE-2021-29861 IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085. | 6.2 | MEDIUM | — | 0 |
| CVE-2021-38959 IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0157 Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | — | 0 |
| CVE-2021-42250 Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-40745 Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attac... | 7.5 | HIGH | — | 0 |
| CVE-2021-32234 SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43975 In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-o... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-43976 In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_pani... | 4.6 | MEDIUM | — | 0 |
| CVE-2021-43977 SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-0065 Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege ... | 7.8 | HIGH | — | 0 |

This product uses data from the NVD API but is not endorsed or certified by the NVD.